Solution overview

As organizations move to support hybrid and remote workforces, they’re challenged with managing the different devices that access organization resources. Employees and students must collaborate, work from anywhere, and securely access and connect to these resources.

Implementation of the PKI with Intune

Admins must protect organization data, manage end-user access, and support users from wherever they work. With Encryption Consulting, organizations can easily integrate Intune with their existing infrastructure and use advanced features such as Windows Hello for Business, apply organization-wide policies so that each device remains compliant with the organization, enable NDES for devices outside the network, and much more.

With the integration of Microsoft PKI

Key Features and benefits

Organizations can manage users and devices, including devices owned by the organization and personally owned devices. Microsoft Intune supports Android, Android Open Source Project (AOSP), iOS/iPadOS, macOS, and Windows client devices. With Intune, you can use these devices to securely access organization resources with policies you create.

Intune simplifies app management with a built-in app experience, including app deployment, updates, and removal. Organizations can connect to and distribute apps from their private app stores, enable Microsoft 365 apps, deploy Win32 apps, create app protection policies, and manage access to apps and their data.

Intune automates policy deployment for apps, security, device configuration, compliance, conditional access, and more. To receive these policies, the devices only need internet access. Organizations can deploy the policies to their user and device groups when they are ready.

Employees and students can use the self-service features in the Company Portal app to reset a PIN/password, install apps, join groups, and more. Organizations can customize the Company Portal app to help reduce support calls.

Intune integrates with mobile threat defense services, including Microsoft Defender for Endpoint and third-party partner services. With these services, the focus is on endpoint security, and organizations can create policies that respond to threats, do real-time risk analysis, and automate remediation.

Organizations use a web-based admin center focusing on endpoint management, including data-driven reporting. Admins can sign in to the Endpoint Manager admin center from any device with internet access.

Deployment Options

Intune can be fairly complex to deploy, and how it is deployed in your organization depends on your current configuration.

If your organization doesn’t use anything


If you want a cloud solution, consider going straight to Intune. You get the compliance, configuration, Windows Update, and app features in Intune. You also get the benefits of the Endpoint Manager admin center, a web-based console.

Configuration Manager

If you want the features of Configuration Manager (on-premises) combined with the cloud, consider tenant attach or co-management. With Configuration Manager, you can:

  • Manage on-premises devices, including Windows Server.
  • Manage partner or third-party software updates.
  • Create custom task sequences when deploying operating systems.
  • Deploy and manage many app types.

Intune Deployment Options

If you currently use a third-party MDM provider

Devices should only have one MDM provider. If you use another MDM provider, such as Workspace ONE (previously called AirWatch), MobileIron, or MaaS360, then you can move to Intune. The biggest challenge is users must unenroll their devices from the current MDM provider and then enroll in Intune.

If you currently use Configuration Manager

Configuration Manager supports Windows and macOS devices and Windows Servers. If you’re using other platforms, you may need to reset the devices and enroll them in Intune. Once enrolled, they’ll receive the policies and profiles you create.

If you currently use on-premises group policy

In the cloud, MDM providers, such as Intune, manage device settings and features. Group Policy Objects (GPOs) aren’t used. When managing devices, Intune device configuration profiles replace on-premises GPOs.
